ABSTRACT
This paper seeks to address the need for fair elections in an adversarial online setting in ad hoc elections. A major issue with existing online solutions is reliance on authorities, which in practice are often instantiated by only one organisation. We propose a conceptually simple but highly robust approach for casting ballots over commodity anonymisers under minimal assumptions. While other schemes have followed a similar approach none have utilised the primitives to achieve so many desirable properties.
We then exploit this to construct a practical instantiation, called VOTOR---Voting over Tor---(one need not use Tor specifically), whose properties we show to compare favourably with prominent modern remote voting schemes such as Remotegrity and Helios. In particular, it shares the same coercion-resistance property, which we call weak receiptfreeness, as the latter two, but also provides privacy against election tellers. It is also conceptually simpler in its design than most modern schemes, and can be instantiated to allow voting credentials to persist from one election to the next without privacy attacks on past elections.
- M. Abe. Mix-networks on permutation networks. In Advances in cryptology-ASIACRYPTŠ99, pages 258--273. Springer, 1999. Google ScholarDigital Library
- B. Adida. Helios: Web-based open-audit voting. In P. C. van Oorschot, editor, USENIX Security Symposium, pages 335--348. USENIX Association, 2008. Google ScholarDigital Library
- J. Benaloh. Verifiable secret-ballot elections. PhD thesis, PhD thesis, Yale University, 1987. Google ScholarDigital Library
- J. C. Benaloh and D. Tuinstra. Receipt-free secret-ballot elections (extended abstract). In F. T. Leighton and M. T. Goodrich, editors, STOC, pages 544--553. ACM, 1994. Google ScholarDigital Library
- D. Bernhard, V. Cortier, O. Pereira, B. Smyth, and B. Warinschi. Adapting helios for provable ballot privacy. In V. Atluri and C. Díaz, editors, Computer Security - ESORICS 2011 - 16th European Symposium on Research in Computer Security, Leuven, Belgium, September 12--14, 2011. Proceedings, volume 6879 of Lecture Notes in Computer Science, pages 335--354. Springer, 2011. Google ScholarDigital Library
- D. Bernhard, V. Cortier, O. Pereira, and B. Warinschi. Measuring vote privacy, revisited. In T. Yu, G. Danezis, and V. D. Gligor, editors, the ACM Conference on Computer and Communications Security, CCS'12, Raleigh, NC, USA, October 16--18, 2012, pages 941--952. ACM, 2012. Google ScholarDigital Library
- S. Canard, B. Schoenmakers, M. Stam, and J. Traoré. List signature schemes. Discrete Applied Mathematics, 154(2):189--201, 2006. Google ScholarDigital Library
- R. Canetti, C. Dwork, M. Naor, and R. Ostrovsky. Deniable encryption. In Advances in Cryptology - CRYPTO'97, pages 90--104. Springer, 1997. Google ScholarDigital Library
- D. Chaum. Untraceable mail, return addresses and digital pseudonyms. Communications of the ACM, 24(2):84--88, 1981. Google ScholarDigital Library
- D. Chaum. Blind signatures for untraceable payments. In D. Chaum, R. L. Rivest, and A. T. Sherman, editors, CRYPTO, pages 199--203. Plenum Press, New York, 1982.Google Scholar
- D. Chaum. The dining cryptographers problem: Unconditional sender and recipient untraceability. Journal of cryptology, 1(1):65--75, 1988. Google ScholarCross Ref
- D. Chaum. Elections with unconditionally-secret ballots and disruption equivalent to breaking rsa. In Advances in Cryptology - EUROCRYPTŠ88, pages 177--182. Springer, 1988. Google ScholarDigital Library
- D. Chaum, R. Carback, J. Clark, A. Essex, S. Popoveniuc, R. L. Rivest, P. Y. A. Ryan, E. Shen, and A. T. Sherman. Scantegrity ii: End-to-end verifiability for optical scan election systems using invisible ink confirmation codes. In D. L. Dill and T. Kohno, editors, EVT. USENIX Association, 2008. Google ScholarDigital Library
- D. Chaum, P. Y. A. Ryan, and S. A. Schneider. A practical voter-verifiable election scheme. In S. D. C. di Vimercati, P. F. Syverson, and D. Gollmann, editors, ESORICS, volume 3679 of Lecture Notes in Computer Science, pages 118--139. Springer, 2005. Google ScholarDigital Library
- D. Chaum and E. van Heyst. Group signatures. In D. W. Davies, editor, EUROCRYPT, volume 547 of Lecture Notes in Computer Science, pages 257--265. Springer, 1991. Google ScholarDigital Library
- M. R. Clarkson, S. Chong, and A. C. Myers. Civitas: Toward a secure voting system. In Proceedings of the 2008 IEEE Symposium on Security and Privacy, pages 354--368. IEEE Computer Society, 2008. Google ScholarDigital Library
- J. D. Cohen and M. J. Fischer. A robust and verifiable cryptographically secure election scheme. In FOCS, volume 85, pages 372--382, 1985. Google ScholarDigital Library
- R. Cramer, M. Franklin, B. Schoenmakers, and M. Yung. Multi-authority secret-ballot elections with linear work. In Advances in Cryptology - EUROCRYPTŠ96, pages 72--83. Springer, 1996. Google ScholarDigital Library
- S. Delaune, S. Kremer, and M. Ryan. Coercion-resistance and receiptfreeness in electronic voting. In Computer Security Foundations Workshop, 2006. 19th IEEE, pages 12--pp. IEEE, 2006. Google ScholarDigital Library
- D. Demirel, J. Van De Graaf, and R. Araújo. Improving helios with everlasting privacy towards the public. In Proceedings of the 2012 international conference on Electronic Voting Technology/Workshop on Trustworthy Elections, pages 8--8. USENIX Association, 2012. Google ScholarDigital Library
- A. Essex, J. Clark, U. Hengartner, and C. Adams. How to print a secret. In Proceedings of the 4th USENIX conference on Hot topics in security, pages 3--3. USENIX Association, 2009. Google ScholarDigital Library
- A. Fujioka, T. Okamoto, and K. Ohta. A practical secret voting scheme for large scale elections. In Advances in Cryptology - AUSCRYPT'92, pages 244--251. Springer, 1993. Google ScholarDigital Library
- M. Hirt and K. Sako. Efficient receipt-free voting based on homomorphic encryption. In Advances in Cryptology - EUROCRYPT 2000, pages 539--556. Springer, 2000. Google ScholarCross Ref
- J. Liu and D. Wong. Linkable ring signatures: Security models and new schemes. In O. Gervasi, M. Gavrilova, V. Kumar, A. LaganÃă, H. Lee, Y. Mun, D. Taniar, and C. Tan, editors, Computational Science and Its Applications âĂŞ ICCSA 2005, volume 3481 of Lecture Notes in Computer Science, pages 614--623. Springer Berlin Heidelberg, 2005. Google ScholarDigital Library
- J. K. Liu, M. H. Au, W. Susilo, and J. Zhou. Linkable ring signature with unconditional anonymity. IEEE Transactions on Knowledge and Data Engineering, 26(1):157--165, 2014. Google ScholarDigital Library
- T. Okamoto. An electronic voting scheme. In Advanced IT Tools, pages 21--30. Springer, 1996.Google ScholarCross Ref
- T. Okamoto. Receipt-free electronic voting schemes for large scale elections. In Security Protocols, pages 25--35. Springer, 1998. Google ScholarDigital Library
- C. Park, K. Itoh, and K. Kurosawa. Efficient anonymous channel and all/nothing election scheme. In T. Helleseth, editor, EUROCRYPT, volume 765 of Lecture Notes in Computer Science, pages 248--259. Springer, 1993. Google ScholarDigital Library
- R. L. Rivest, A. Shamir, and Y. Tauman. How to leak a secret. In Advances in Cryptology - ASIACRYPT 2001, pages 552--565. Springer, 2001. Google ScholarCross Ref
- K. Sako and J. Kilian. Receipt-free mix-type voting scheme. In Advances in Cryptology - EUROCRYPTŠ95, pages 393--403. Springer, 1995. Google ScholarDigital Library
- B. Smyth and D. Bernhard. Ballot secrecy and ballot independence coincide. In J. Crampton, S. Jajodia, and K. Mayes, editors, Computer Security - ESORICS 2013 - 18th European Symposium on Research in Computer Security, Egham, UK, September 9--13, 2013. Proceedings, volume 8134 of Lecture Notes in Computer Science, pages 463--480. Springer, 2013.Google Scholar
- G. Tsoukalas, K. Papadimitriou, P. Louridas, and P. Tsanakas. From helios to zeus. Presented as part of the USENIX Journal of Election and Technology and Systems (JETS), pages 1--17, 2013.Google Scholar
- F. Zagórski, R. Carback, D. Chaum, J. Clark, A. Essex, and P. L. Vora. Remotegrity: Design and use of an end-to-end verifiable remote voting system. IACR Cryptology ePrint Archive, 2013:214, 2013.Google Scholar
- VOTOR: conceptually simple remote voting against tiny tyrants
Recommendations
Frugal bribery in voting
Bribery in elections is an important problem in computational social choice theory. We introduce and study two important special cases of the classical $Bribery problem, namely, Frugal-bribery and Frugal-$bribery where the briber is frugal in nature. By ...
An Experiment in Approval Voting
The first major experimental comparison of approval voting with regular plurality voting occurred in the 1985 annual election of The Institute of Management Sciences TIMS. In approval voting a person votes for approves of as many candidates as desired, ...
A New Coercion-Resistant and Receipt-Free Electronic Voting System with Verifiability and Secrecy
ICEE '12: Proceedings of the 2012 3rd International Conference on E-Business and E-Government - Volume 02The coexistence of verifiability and voting receipts in an electronic voting system is a contradictory issue. Because the electronic vote is in a virtual form, voters rely on voting receipts to verify the integrity of the votes. However, the voting ...
Comments